Re: CRIME A couple questions...

From: Tim Kramer (kramert@private)
Date: Thu Nov 14 2002 - 04:11:50 PST

    You might want to check your WinPopUp (don't know if that's the
    correct name) settings (alert messages).  By default, they're 
    turned on to allow the admin to alert all users (for example)
    that the network is going down for maintenance.  We had this
    problem at the local college.
    
    On Wed, 2002-11-13 at 17:13, Seth Arnold wrote:
    > On Wed, Nov 13, 2002 at 11:39:37AM -0800, Todd Ellner wrote:
    > 
    > [nice ^Ms throughout the email...]
    > 
    > > 1) A couple of the Windows machines have been getting annoying popup spams.
    > > As near as we can tell it's not a Trojan program installed on the boxes. Not
    > > a mail message. Not an Instant Messenger thing. Not a web browser. Looks
    > > more like a regular dialog box. The Microsoft knowledge base was kind of
    > > cryptic. 
    > 
    > I've heard there is a nice new ActiveX control put together by a porno
    > outfit that pops up porn adverts when it feels the time is appropriate.
    > I imagine most virus scanners should find it.
    > 
    > > 2) The first real version of the company's product has to be a little more
    > > flexible in terms of "classes of things the administrator can allow users to
    > > do". Are there some good books or net resources on formally defining
    > > security policies?
    > 
    > The Common Criteria are frequently cited. I've not read them, but it
    > might be an interesting starting point.
    > 
    > > 3) Checkpoint? SonicWall? Something else that provides good value for the
    > > money for a small enterprise? Or should I just fall back on Old Reliable
    > > ("Building Internet Firewalls 2nd Edition")?
    > 
    > Me, I really like pf from OpenBSD. Lots of people swear by IPTables.
    > ipfw (FreeBSD) and ipf (from Darren Reed, available for many unixish
    > systems) are also popular choices. Most of these are free or very cheap,
    > depending on how you get your media. :) Well, they do cost administrator
    > time to learn and configure that some of the nice pretty gui firewall
    > configuration wizards might help mitigate some... Oh yeah, and I've never
    > used pf on a link with more than 1mBps bandwidth -- using a standard
    > cheap PC might not scale to however much bandwidth you've got.
    > 
    > 
    > 
    > -- 
    > "A mouse can be just as dangerous as a bullet or a bomb."
    > -- US Representative Lamar Smith (R-Texas)
    



    This archive was generated by hypermail 2b30 : Thu Nov 14 2002 - 10:12:47 PST